Privacy Notice

TODD Architects are making continual improvements to our processes and policies, ensuring our employees understand their roles and the requirements that we must meet as an organisation.

This section of our Privacy Notice explains how we handle and process data that relates to non-employee data). If you have any questions or concerns, please contact our Office Manager.

This sets out what personal data we hold about you, how we collect it, and how we use it for the performance of contracts and marketing. It applies to anyone in our Interested Parties Register and contacts and organisations’ database, Union Square.

Data that we retain under legitimate interest to deliver a project includes:

  • Organisation Names
  • Contact Names within an Organisation
  • Addresses
  • Email addresses
  • Geolocation data
  • Insurances
  • Accreditations

What type of special category personal data do we hold about you? Why? And on what legal grounds?

We will only collect, hold and use limited types of special category data about you, as described below.

Criminal records information/DBS checks

Due to our work with education providers (Schools, Colleges and Universities), Ministry of Justice and Ministry of Defence and Aviation providers, we may ask you to complete a DBS or Security Clearance. For the majority of our External Contacts we do not collect this data. However, should our clients require you to have these checks to enter their premises or work on their projects we will inform you.

In the context of the Performance of Contract we will use this information to assess your suitability to form part of an External Team for projects where these checks need to be in place e.g. schools, MOD schemes etc.

Our additional legal ground for using this information is that of Legal Obligation.

Why do we hold your data?

We need it to undertake a project (Performance of Contract), because you are a member of the external team on one of our projects.

We need it to comply with a legal obligation (Legal Obligation), e.g. if you are a member of the external team on one of our projects we are required to retain your details for the duration of the contract.

How do we process data?

When working on a project:

  • In emails and letters
  • In the project brief
  • On drawings (physical and PDF/other digital media)
  • In models on common data environments/clouds
  • In visualisations
  • In internal business strategy documents
  • To obtain client feedback

We confirm that we will not share your details with an external party for an unrelated interest such as marketing.

What do we use it for?

  • To invite you to an event such as an awards dinner;
  • To send you post-event follow-up information
  • At a public event, we may ask for your details as part of a promotional activity. We will use these details to contact you if you have won. Such promotional activities will be covered by this privacy notice and we will require you to agree to this before entering.
  • We may ask you for your opinion on projects or for feedback on our own service. This could be used to help improve our business performance, or for an external marketing campaign. In this instance, we may require your personal details. If such research does take place, it will refer to this privacy notice which you must agree to before taking part. We will only use these with explicit consent which would be associated with a single article.


As required under the ARB Code of Conduct (ARB 2017), we confirm that adequate security is in place to safeguard both paper and electronic records for our clients, consultants, suppliers and staff, taking full account of data protection legislation, and that any confidential information is safeguarded. We confirm that we have assessed and checked for compliance any external parties which process data for our practice such as our IT maintenance providers, accreditation bodies, pension and insurance providers and that they have taken reasonable precautions to safeguard personal data and meet the requirements of the current legislation.

We confirm that we adopt a proactive approach to data protection and undertake a data protection impact assessment at the outset of a project to determine what data we will need to process throughout the project, why it needs to be processed and how you will be processing it.

How do we collect your personal data?

You provide us with most of the personal data about you that we hold and use, for example on a business card, email signature or through verbal discussions.

Some of the personal data about you that we hold and use is generated from internal sources following a Business Development meeting. For example, we may record that you have particular sector experience.

Some of the personal data about you that we hold and use may come from external sources. We may also obtain information about you from publicly available sources, such as your LinkedIn profile or other media sources.


We seek consent from everyone whose personal data we collect and administer explaining exactly what it will be processed for at the outset. Consent can be revoked at any time and will be reviewed annually.

Who do we share your personal data with?

We will only share your personal data with:

Legal/professional advisers

We share any of your personal data that is relevant, where appropriate, with our legal and other professional advisers, in order to obtain legal or other professional advice about matters related to you or in the course of dealing with legal disputes with you or your company.

Our legal grounds for sharing this personal data are that: it is in our legitimate interests to seek advice to clarify our rights/obligations and appropriately defend ourselves from potential claims; it is necessary to comply with our legal obligations/exercise legal rights in connection with contract; and it is necessary to establish, exercise or defend legal claims.

Data Retention

We confirm that all drawings, models, information, data and correspondence will be retained from initial contact with our clients through to the end of the limitation period (12 years post contract/practical completion) and any limitation extension. This is to be able to respond to any legal claim or similar. However, should you request your data that we retain be deleted before the end of the limitation period, we confirm that we will do so with immediate effect.

If you are involved with a project (i.e. part of an external team), we are required to retain your details for the duration of the contract i.e. 12 years. However, we may need to retain these for longer, if there are specific legal circumstances associated with a contract that require us to hold your personal data.

If you are not involved in a project but you have provided your consent for us to hold your personal data for the purposes of contacting you e.g. for event invitations, then your consent will be requested again every year.

Your rights

You have legal rights relating to your personal data, which are outlined here:

  • The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • The right to request that we correct incomplete or inaccurate personal data that we hold about you.
  • The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
  • The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
  • The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
  • The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.
  • The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
  • The right to object to a decision based on automated decision-making, including the right to voice your opinion, and obtain human intervention in the decision-making.

If you have any questions or concerns about how your personal data is being used by us, you can contact our Office Manager.

Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website:

Privacy Notice for External Contacts (PDF Download)